CN110809191A - Video tamper-proofing method and system based on index verification and real-time package conversion - Google Patents
Video tamper-proofing method and system based on index verification and real-time package conversion Download PDFInfo
- Publication number
- CN110809191A CN110809191A CN201910950310.2A CN201910950310A CN110809191A CN 110809191 A CN110809191 A CN 110809191A CN 201910950310 A CN201910950310 A CN 201910950310A CN 110809191 A CN110809191 A CN 110809191A
- Authority
- CN
- China
- Prior art keywords
- index
- segment
- video
- audio
- frame
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
- H04N21/835—Generation of protective data, e.g. certificates
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Signal Processing For Digital Recording And Reproducing (AREA)
- Television Signal Processing For Recording (AREA)
Abstract
The invention discloses a video tamper-proofing method and system based on index verification and real-time package conversion, and relates to the technical field of CDN audio and video. The filling multiplexing encapsulation information of the modified index changes the original simple index into the basis of real-time conversion encapsulation, the stored content is also changed into independent pure audio and pure video from the original file, the verification is only carried out during the final service, the risks of various tampering in the transmission and storage process are effectively avoided, the tamper-resistant capability of the video CDN is not limited by the live broadcast and on-demand modes, and is not limited by the audio and video encapsulation format.
Description
Technical Field
The invention relates to the technical field of CDN audio and video, in particular to a video tamper-proofing method and system based on index verification and real-time conversion packaging.
Background
A CDN (Content Delivery Network) is an intelligent virtual Network constructed on the basis of an existing Network, and by means of edge servers deployed in various places, users can obtain required Content nearby through functional modules of load balancing, Content Delivery, scheduling, and the like of a platform, so that Network congestion is reduced, and the access response speed and hit rate of the users are improved. The key technology of the CDN is mainly content storage and distribution technology. The video CDN is to distribute and store the content as audio and video. The storage of content in the video CDN mostly adopts a fragment storage manner, a fragment and fragment dependent index (index) file records key location information and an association relationship, and the index is used for quickly positioning fragment information and performing parallel processing so as to increase IO processing capability. The index files are different according to different playing modes, one index file corresponds to all the fragments on demand, one index file corresponds to one time interval on live broadcast, and the plurality of indexes are sequentially connected to cover the whole live broadcast process.
Audio and video decapsulation and demultiplexing are core technologies in audio and video processing, wherein decapsulation refers to a process of extracting audio and video mixed data from audio and video in a file format, and demultiplexing refers to separation of audio and video streams from the audio and video mixed data.
With the continuous increase of the video service demand, the application of the video CDN is more and more extensive, and the audio and video are transmitted from the content library to the edge in the CDN network based on the public network more and more commonly. Originally, various threats face a traditional data CDN layer, and the threats also exist for audio and video, including content hijacking and content tampering.
The traditional data CDN is a method for integrally encrypting more selected contents in a tamper-proof way or integrally calculating information entropy of the contents. The method is not very suitable for audio and video at present, with the continuous popularization of 4K video, 30-100 Mbit data need to be calculated every second, and the upper limit of algorithms such as MD5 or CRC32 calculated by software for a common server is exceeded. In addition, a mode of adding a specific signature or randomly and discretely selecting data to calculate a check value is adopted to process the video, but the method also has the problems of easy counterfeiting, easy false alarm of transmission error code and the like. Therefore, the existing method has difficulty in guaranteeing the video CDN audio and video tamper resistance.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide a video tamper-proofing method and system based on index verification and real-time conversion packaging, which effectively avoid the risk of various tampering in the transmission and storage processes, are not limited by live broadcast and on-demand modes, and are not limited by audio and video packaging formats.
In order to achieve the above purposes, the technical scheme adopted by the invention is as follows: a video tamper-proofing method based on index verification and real-time package conversion comprises the following steps:
acquiring original audio and video content, and preprocessing the original audio and video content to generate an index and an ES fragment to be stored;
storing the index and the ES segment into a content library, establishing a mapping relation from the index to a physical storage position of the ES segment, encrypting and storing the index, and storing an original text of the ES segment;
when a user requests audio and video service, acquiring an index according to the request, and pulling a corresponding ES fragment from a content library according to the index and the mapping relation;
and performing tamper-proof verification on the pulled ES fragment content according to the index, and performing real-time encapsulation when the verification is passed.
On the basis of the scheme, the method for generating the index and the ES fragment to be stored by acquiring the original audio and video content and preprocessing the original audio and video content comprises the following steps:
decapsulate and demultiplex the original audio and video, and analyze the encoding head according to the encoding type to obtain key information of the original audio and video stream;
recording the key information of the original audio and video stream into an index, and increasing a recording time stamp;
determining the calculation starting and stopping positions of the anti-tampering check value by adopting a preset rule, calculating the anti-tampering check value and inputting the anti-tampering check value into an index;
an ES stream is divided into a plurality of ES segments by using a fixed time as a threshold value, and the segment number and the segment length are recorded in an index.
On the basis of the scheme, the key information of the original audio and video stream comprises: the original file name, average code rate, video coding, resolution, video average frame rate, total video frame number, audio coding, total audio frame number, PTS value and position, DTS value and position, frame starting position and frame length of the audio and video stream, and if the video stream is the video stream, the frame type and the image sequence head position are also included.
On the basis of the scheme, the starting and stopping positions calculated by the check field of the anti-tampering check value are determined by adopting a preset rule, the anti-tampering check value is calculated and is recorded into the index, and the method specifically comprises the following steps:
for a video, selecting ES data from the head position of an image sequence to the head and tail of a following I frame as a check field to calculate an anti-tampering check value, and storing the anti-tampering check value and the check length in an image sequence segment;
for audio, selecting ES data from an audio frame starting position to a frame ending position containing PTS as a check field to calculate an anti-tampering check value, and selecting 1152 bytes at most to calculate the anti-tampering check value for PCM encoded data without definite frame length; the anti-tampering check value and the check length are stored at the tail of the corresponding audio frame segment.
Based on the above scheme, when an ES stream is divided into a plurality of ES segments by taking a fixed time as a threshold, the required division conditions are as follows: the segmentation position needs to be at the frame end position when the frame end position is clear, the ES segment contains more than three complete anti-tampering check value check fields, and the data segment is not cut off.
On the basis of the scheme, tamper-proof verification is carried out on the pulled ES fragment content according to the index, and real-time package conversion is carried out when the verification is passed, and the method specifically comprises the following steps:
acquiring an index, and sequentially acquiring a video ES segment or an audio ES segment according to the ES segment number;
checking whether the length of the fragment is consistent with the record in the index, if not, retrying for more than a set number of times, skipping the fragment, and giving an alarm according to an internal error;
if the data segment is the same as the data segment, calculating a check value according to the start-stop position of the check data segment recorded in the index, comparing the check value with the existing check value in the index, and if the data segment is the same as the data segment, passing the check and performing real-time package; if the segment is not equal, if the segment is different, retry is carried out, if the retry exceeds the set times, the segment is discarded, and a tamper alarm is sent out;
sequencing the ES segments passing the check according to the index content indication, filling the ES segments into a buffer, and filling a multiplexing context according to the start-stop position, the PTS value and position, the DTS value and position of the audio/video frame in the ES segment corresponding to the index; adopting the multiplexing context to carry out audio and video ES merging check, and checking the validity of ES segment heads and the consistency of frame boundaries in a buffer area; if the verification is passed, outputting the combined content; if the error is checked, retrying, if the retrying exceeds the set times, abandoning the segment, and sending a tamper alarm.
The invention also provides a video tamper-proofing system based on index verification and real-time package conversion, which comprises:
a content pre-processing module to: acquiring original audio and video content, and preprocessing the original audio and video content to generate an index and an ES fragment to be stored;
a content base storage module to: storing the index and the ES segment into a content library, and establishing a mapping relation from the index to a physical storage position of the ES segment; encrypting the storage index and storing the ES fragment in the original text;
an edge node storage module to: when a user requests audio/video service, acquiring an index according to the request, and pulling and storing a corresponding ES fragment from a content library according to the index and the mapping relation;
an edge node service module to: and performing tamper-proof verification on the acquired ES fragment content according to the index, and performing real-time encapsulation when the verification is passed.
On the basis of the scheme, the content preprocessing module acquires original audio and video content, and generates an index and an ES fragment to be stored through preprocessing, and the method specifically comprises the following steps:
decapsulate and demultiplex the original audio and video, and analyze the encoding head according to the encoding type to obtain key information of the original audio and video stream;
recording the key information of the original audio and video stream into an index, and increasing a recording time stamp;
determining the calculation starting and stopping positions of the anti-tampering check value by adopting a preset rule, calculating the anti-tampering check value and inputting the anti-tampering check value into an index;
an ES stream is divided into a plurality of ES segments by using a fixed time as a threshold value, and the segment number and the segment length are recorded in an index.
On the basis of the scheme, the key information of the original audio and video stream comprises: the original file name, average code rate, video coding, resolution, video average frame rate, total video frame number, audio coding, total audio frame number, PTS value and position, DTS value and position, frame starting position and frame length of the audio and video stream, and if the video stream is the video stream, the frame type and the image sequence head position are also included.
On the basis of the scheme, the content preprocessing module determines the starting and stopping positions calculated by the check field of the anti-tampering check value by adopting a preset rule, calculates the anti-tampering check value and inputs the anti-tampering check value into the index, and the method specifically comprises the following steps:
for a video, selecting ES data from the head position of an image sequence to the head and tail of a following I frame as a check field to calculate an anti-tampering check value, and storing the anti-tampering check value and the check length in an image sequence segment;
for audio, selecting ES data from an audio frame starting position to a frame ending position containing PTS as a check field to calculate an anti-tampering check value, and selecting 1152 bytes at most to calculate the anti-tampering check value for PCM encoded data without definite frame length; the anti-tampering check value and the check length are stored at the tail of the corresponding audio frame segment.
On the basis of the above scheme, when the content pre-processing module divides the ES stream into a plurality of ES segments according to a fixed time as a threshold, the required division conditions are as follows: the segmentation position needs to be at the frame end position when the frame end position is clear, the ES segment contains more than three complete anti-tampering check value check fields, and the data segment is not cut off.
On the basis of the scheme, the edge node service module performs tamper-proof verification on the pulled ES fragment content according to the index, and performs real-time encapsulation when the verification is passed, and the method specifically comprises the following steps:
acquiring an index, and sequentially acquiring a video ES segment or an audio ES segment according to the ES segment number;
checking whether the length of the fragment is consistent with the record in the index, if not, retrying for more than a set number of times, skipping the fragment, and giving an alarm according to an internal error;
if the data segment is the same as the data segment, calculating a check value according to the start-stop position of the check data segment recorded in the index, comparing the check value with the existing check value in the index, and if the data segment is the same as the data segment, passing the check and performing real-time package; if the segment is not equal, if the segment is different, retry is carried out, if the retry exceeds the set times, the segment is discarded, and a tamper alarm is sent out;
sequencing the ES segments passing the check according to the index content indication, filling the ES segments into a buffer, and filling a multiplexing context according to the start-stop position, the PTS value and position, the DTS value and position of the audio/video frame in the ES segment corresponding to the index; adopting the multiplexing context to carry out audio and video ES merging check, and checking the validity of ES segment heads and the consistency of frame boundaries in a buffer area; if the verification is passed, outputting the combined content; if the error is checked, retrying, if the retrying exceeds the set times, abandoning the segment, and sending a tamper alarm.
Compared with the prior art, the invention has the advantages that:
the invention provides the check words which are closely associated with the content and have centralized information through indexing, thereby reducing the calculation overhead and supporting the transmission of the audio and video content with larger code rate while ensuring the anti-tampering strength of the audio and video. The filling multiplexing encapsulation information of the index is reformed, the original simple index is changed into the basis of real-time encapsulation, the storage content is also changed into independent pure audio and pure video from the original file, and the verification is only carried out during the final service. The risk of various tampering in the transmission and storage process is effectively avoided, and the tamper-resistant capability of the video CDN is not limited by live broadcast and on-demand modes and is not limited by an audio and video packaging format.
Drawings
Fig. 1 is a schematic flowchart of a video tamper-proofing method based on index verification and real-time package conversion according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating step S01 of the video tamper-proofing method based on index verification and real-time package conversion according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating step S04 of the video tamper-proofing method based on index verification and real-time package conversion according to an embodiment of the present invention;
FIG. 4 is a diagram illustrating an association relationship between an index and an ES fragment and a check value according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a video tamper-proofing system based on index verification and real-time package conversion according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
Referring to fig. 1, an embodiment of the present invention provides a video tamper-proofing method based on index verification and real-time encapsulation, including the following steps:
acquiring original audio and video content, and preprocessing the original audio and video content to generate an index and an ES fragment to be stored;
storing the index and the ES segment into a content library, and establishing a mapping relation from the index to a physical storage position of the ES segment; index encryption storage and ES fragment original text storage;
when a user requests audio and video service, acquiring an index according to the request, and pulling a corresponding ES fragment from a content library according to the index and the mapping relation;
and performing tamper-proof verification on the pulled ES fragment content according to the index, and performing real-time encapsulation when the verification is passed.
Referring to fig. 2 and 4, as a preferred embodiment, acquiring original audio and video content, and preprocessing to generate an index and an ES segment to be stored, specifically includes the following steps:
and S11, collecting the original audio and video content from the special reliable link.
And S12, acquiring key information of the original audio and video stream. De-encapsulating and de-multiplexing the original audio and video, analyzing an encoding header according to the encoding type, and recording the original file name, the average code rate, the video encoding resolution, the video average frame rate, the total video frame number, the audio encoding, the total audio frame number, the PTS (presentation Time stamp) value and position, the DTS (Decoding Time stamp) value and position, the frame starting position and the frame length of the audio and video stream, wherein the video part needs to additionally record the frame type (I, B, P) and the image sequence header position. While the corresponding independent video ES stream and audio ES stream are separated by this process.
Wherein, for a video: an ES segment corresponds to more than three image sequences, each image sequence has a plurality of video frames, and each image sequence has a check value.
For audio: an ES segment corresponds to a plurality of audio frames, each having a check value.
S13 and index add information related to the encapsulation multiplexing, including: generating original film information content in the index according to the data of S12, and recording all the original film information content in the index; increasing a recording time stamp, and calculating a theoretical time stamp by matching with the average code rate from 0; adding a calculation anti-tampering check value, calculating the check value by using an information entropy algorithm for ES data from the head position of a video selection image sequence to the immediately following head I frame tail, calculating the check value by using the information entropy algorithm for ES data from the start position of an audio frame containing PTS to the frame end position of the audio selection audio frame (particularly, 1152 bytes are selected from the start position of the PTS for calculation for PCM audio, the PCM audio has no definite frame end position, and 1152 bytes are selected as an algorithm convention for being convenient to be compatible with other algorithms), and recording the start and end positions of an original data segment of the check value. The information entropy algorithm is preferably MD5, and CRC32 or SHA can be selected, but must be consistent with the check algorithm in step 4. For video, the non-first ES slice verification method is the same as the first ES slice, that is, ES data from the head of the image sequence to the end of the immediately preceding I frame is selected as a verification field to calculate a tamper-proof verification value.
And S14, recording the corresponding relation of the content slices and the index. The ES stream is divided into a plurality of segments with a fixed time as a threshold with reference to the original index slice rule, and the segment number and the segment length are recorded in the index. Additional segmentation requirements: for the case of clear frame segmentation, the segmentation position needs to be at the frame end position, and it needs to be ensured that the segment contains more than 3 data segments corresponding to complete check fields, and the data segments are not cut off. And simultaneously, converting the starting and stopping positions of the check value data segment corresponding to the segment, and updating the starting and stopping positions in the index.
Preferably, the steps of storing the index and the ES segment in a content library, establishing a mapping relationship from the index to a physical storage location of the ES segment, encrypting and storing the index, and storing the original text of the ES segment specifically include the following steps:
establishing mapping from the audio and video names to the index, and encrypting and storing the index (the encryption mode and the secret key need to be agreed with the edge CDN in advance); video ES segments and audio ES segments are stored discretely. And according to the recorded segment information in the index, establishing a mapping relation from the index to the physical storage position of the ES segment so as to search in parallel at high speed. The index calculation amount is small, the information amount is large, the index is protected through encryption, the transmission tampering and the local tampering of the whole file can be prevented, and the encryption mode is not limited.
As a preferred embodiment, when a user requests an audio/video service, an index is obtained according to the request, and a corresponding ES segment is pulled from a content library according to the index and the mapping relationship, which specifically includes the following steps:
and obtaining audio and video content from the CDN content library. Firstly, obtaining the index, decrypting the index in a memory, and storing the index in a ciphertext form. And then, pulling the segments from the CDN content library in parallel according to the ES segment information in the index for storage.
Referring to fig. 3, as a preferred embodiment, tamper-proof verification is performed on the content of the pulled ES segment according to the index, and real-time encapsulation is performed when the verification passes, which specifically includes the following steps:
and S41, obtaining index plaintext, and synchronously obtaining the video ES segments and the audio ES segments in sequence according to the ES segment numbers. Checking whether the fragment length is consistent with the record in the index, if not, returning to the step S03 for retry, retrying for more than 3 times, skipping the fragment, and alarming according to an internal error.
And S42, calculating the check value in the segment. Calculating a check value according to the start-stop position of the check data segment recorded in the index, comparing the check value with the existing check value in the index, and entering S43 real-time encapsulation step when the check value is equal to the existing check value in the index; when the values are not equal, the process returns to step S03 to obtain the error again, and if the error is checked again, the segment is discarded and a tamper alarm is issued. Real-time package conversion (real-time different package output according to the request of the client list).
And S43, audio and video merging check. And filling the ES fragments passing the check into a buffer, and filling a multiplexing context according to the start-stop position, the PTS value and the position, the DTS value and the position of the audio/video frame corresponding to the fragments in the index. And carrying out audio and video ES merging check by utilizing the multiplexing context, and checking the validity of the ES head of the buffer area and the consistency of the frame boundary in the process. If the error is checked, the process returns to step S03 to obtain the error again, and if the error is checked again, the segment is discarded and a tamper alarm is issued.
S44, completing multiplexing and packaging output according to the video format required by the negotiation with the terminal, and providing service.
Referring to fig. 5, an embodiment of the present invention further provides a video tamper-proofing system based on index verification and real-time encapsulation, including:
a content pre-processing module to: acquiring original audio and video content, and preprocessing the original audio and video content to generate an index and an ES fragment to be stored;
a content base storage module to: storing the index and the ES segment into a content library, establishing a mapping relation from the index to a physical storage position of the ES segment, encrypting and storing the index, and storing an original text of the ES segment;
an edge node storage module to: when a user requests audio/video service, acquiring an index according to the request, and pulling and storing a corresponding ES fragment from a content library according to the index and the mapping relation;
an edge node service module to: and performing tamper-proof verification on the acquired ES fragment content according to the index, and performing real-time encapsulation when the verification is passed.
As a preferred embodiment, the content preprocessing module acquires original audio and video content, and generates an index and an ES segment to be stored by preprocessing, including the following steps:
decapsulate and demultiplex the original audio and video, and analyze the encoding head according to the encoding type to obtain key information of the original audio and video stream;
recording the key information of the original audio and video stream into an index, and increasing a recording time stamp;
determining the calculation starting and stopping positions of the anti-tampering check value by adopting a preset rule, calculating the anti-tampering check value and inputting the anti-tampering check value into an index;
an ES stream is divided into a plurality of ES segments by using a fixed time as a threshold value, and the segment number and the segment length are recorded in an index.
As a preferred embodiment, the original audio/video stream key information includes: the original file name, average code rate, video coding, resolution, video average frame rate, total video frame number, audio coding, total audio frame number, PTS value and position, DTS value and position, frame starting position and frame length of the audio and video stream, and if the video stream is the video stream, the frame type and the image sequence head position are also included.
As a preferred embodiment, the content preprocessing module determines, by using a preset rule, a start-stop position calculated by a check field of the tamper-resistant check value, calculates the tamper-resistant check value, and enters the tamper-resistant check value into the index, and specifically includes the following steps:
for a video, selecting ES data from the head position of an image sequence to the head and tail of a following I frame as a check field to calculate an anti-tampering check value, and storing the anti-tampering check value and the check length in an image sequence segment;
for audio, selecting ES data from an audio frame starting position to a frame ending position containing PTS as a check field to calculate an anti-tampering check value, and selecting 1152 bytes at most to calculate the anti-tampering check value for PCM encoded data without definite frame length; the anti-tampering check value and the check length are stored at the tail of the corresponding audio frame segment.
As a preferred embodiment, when the content pre-processing module divides the ES stream into a plurality of ES segments according to a fixed time as a threshold, the required division conditions are as follows: the segmentation position needs to be at the frame end position when the frame end position is clear, the ES segment contains more than three complete anti-tampering check value check fields, and the data segment is not cut off.
As a preferred embodiment, the edge node service module performs tamper-proof verification on the pulled ES segment content according to the index, and performs real-time encapsulation when the verification passes, specifically including the following steps:
acquiring an index, and sequentially acquiring a video ES segment or an audio ES segment according to the ES segment number;
checking whether the length of the fragment is consistent with the record in the index, if not, retrying for more than a set number of times, skipping the fragment, and giving an alarm according to an internal error;
if the data segment is the same as the data segment, calculating a check value according to the start-stop position of the check data segment recorded in the index, comparing the check value with the existing check value in the index, and if the data segment is the same as the data segment, passing the check and performing real-time package; if the segment is not equal, if the segment is different, retry is carried out, if the retry exceeds the set times, the segment is discarded, and a tamper alarm is sent out;
sequencing the ES segments passing the check according to the index content indication, filling the ES segments into a buffer, and filling a multiplexing context according to the start-stop position, the PTS value and position, the DTS value and position of the audio/video frame in the ES segment corresponding to the index; adopting the multiplexing context to carry out audio and video ES merging check, and checking the validity of ES segment heads and the consistency of frame boundaries in a buffer area; if the verification is passed, outputting the combined content; if the error is checked, retrying, if the retrying exceeds the set times, abandoning the segment, and sending a tamper alarm.
The following describes the working process of the embodiment of the present invention by taking an example of requesting a certain 16 GB-sized 4K HEVC-encoded audio/video file.
The first is the process of injecting on-demand content from an external content source into a CDN vault. This process is usually done through a trusted private network, with the addition of an authentication and verification means negotiated with the content party, which can ensure the correctness of the content.
The specific implementation process is as follows:
1. and the CDN content library content preprocessing module acquires an original audio/video file from an external content source.
2. The method comprises the following steps of performing decapsulation and demultiplexing processing on an obtained original audio/video file, and obtaining audio/video related information required by an index (index) through a processing process, wherein the processing process comprises the following steps: the method comprises the steps of obtaining an original file name, an average code rate, a video coding resolution, a video average frame rate, a total video frame number, an audio code, a total audio frame number, a PTS value and position, a DTS value and position, a frame starting position and a frame length of an audio and video stream, and additionally recording a frame type (I, B, P) and an image sequence header position in a video part. The de-encapsulation and de-multiplexing process needs to be changed according to the encapsulation and encoding of the original file, and can be completed by the aid of an avformat library and an avcodec library of FFMPEG in cooperation with an encoding encapsulation plug-in. And for the condition that the original audio and video file has multiple paths of audio, the index file header additionally identifies the related information. The process outputs independent video ES streams and audio ES streams simultaneously.
3. And determining the calculation starting and stopping positions of the anti-tampering check values according to the principle according to the audio and video related information of the original audio and video file, and calculating the check values by using an information entropy algorithm agreed with the edge nodes to generate an index main body. And storing the check value to a corresponding position according to the structure of the index. For the video, selecting ES data from the head position of an image sequence to the head I frame end, and calculating a check value, wherein the check value and the check length are stored in an image sequence segment; for audio, ES data from the start position of an audio frame containing PTS to the end position of the frame is selected to calculate a check value, and for PCM encoded data without definite frame length, 1152 bytes at most are selected to be calculated, and the check value is stored at the tail of the corresponding audio frame segment.
4. And slicing the independent video ES stream and audio ES stream according to the requirement of CDN fragment storage, wherein the slicing time length is fixed and can be selected to be 30 seconds or 4 minutes, and the like, numbering the slicing completion fragments according to the time sequence while slicing, and recording the slicing length. Slicing rules: the slice does not cut off the frame, the slice does not cut off the check value calculation data, and any slice contains 3 or more than 3 check values. In the process, the data segment of the check value is converted at the same time to correspond to the start-stop position in the segment, and the start-stop position is updated in the index. And after the updating is completed, really completing the index, and streaming or storing the index.
5. And after the 4 preprocessing processes are completed, transmitting the generated index, the independent audio ES fragments and the independent video ES fragments to a CDN content library storage module through an internal interface. And the content library storage module encrypts and stores the index, directly and discretely stores the ES segments, and establishes a mapping relation from the index to the physical storage positions of the ES segments according to the recorded segment information in the index in the storage process so as to facilitate high-speed parallel search.
And then the terminal requests the CDN edge to access audio and video services on demand. In this process, if the edge node does not cache the content in advance, the content is pulled from the content library, and the edge service is pulled.
The specific process is as follows:
1. and the terminal requests audio and video service from the CDN edge service module, and the two parties negotiate a transmission protocol and confirm encapsulation.
2. The CDN edge services module requests resources from the edge storage module. And the edge storage module inquires and stores a non-content trigger to return the source pulling process to the CDN content library.
3. And the CDN content storage module transmits the encrypted index to the CDN edge storage module according to the request file name.
4. The CDN edge storage module decrypts the index, reads the ES segment name in the index, and requests the ES segment from the CDN content library storage module by using the ES segment name, wherein the process relates to a plurality of ES segments, and the request process is parallel. After the fragment is acquired, whether the length of the fragment is consistent with that of the fragment recorded in the index is checked, if not, the fragment is tried to be pulled again, the retry is carried out for more than 3 times, the fragment is skipped over, and an alarm is given according to an internal error.
5. And after the CDN edge storage module receives the ES segment, transmitting the index plain text to the edge service module through the memory, and storing the ciphertext locally. And simultaneously, the received ES segments are synchronously and parallelly transmitted to the edge service module and locally and discretely stored.
6. And after receiving the index, the CDN edge service module reads the length of the specified ES segment according to the content of the index, calculates the information entropy and compares the calculation result with the index storage content. If the calculation results are equal, entering the next step; otherwise, the CDN edge storage module is informed to obtain the ES segment again, and the ES segment is verified again according to the flow. When the two verifications are not equal, the segment is discarded, and a tamper alarm is sent out at the same time.
7. The ES slices are sorted according to the index content indication and a padding multiplexing context is added. In the process, the validity of the ES header is checked, the frame boundary is checked with the record in the index, and the context is filled if the check is correct, and the next step is carried out. And when the error is checked, otherwise, informing the CDN edge storage module to obtain the ES segment again, and verifying again according to the flow. When the two verifications are not equal, the segment is discarded, and a tamper alarm is sent out at the same time.
8. And according to the negotiation transmission protocol of the two parties and the confirmed encapsulation, streaming output is carried out on the context content, and the service is provided for the terminal.
According to experimental actual data statistics, an index file size of 2.7MB is generated for a 4K HEVC-coded audio/video file with a 16GB size and a 26Mbps code rate, and the total size of input data of information entropy is calculated in the index is 945 MB. Compared with the traditional CDN full data (16GB size) encryption, the data volume (namely 2.7MB plus 945MB) encrypted by the actual anti-tampering information entropy computer is reduced by 94.3%, so that the anti-tampering information computing and processing capacity is greatly improved, and the design expectation is reached.
Based on the same inventive concept, embodiments of the present application provide a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, all or part of the method steps of the video tamper-proofing method based on index verification and real-time trans-encapsulation are implemented.
The invention realizes all or part of the flow in the video tamper-proofing method based on index verification and real-time package conversion, and can also be completed by instructing related hardware through a computer program, wherein the computer program can be stored in a computer readable storage medium, and when the computer program is executed by a processor, the steps of the various method embodiments can be realized. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying computer program code, recording medium, U.S. disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution media, and the like. It should be noted that the computer readable medium may contain other components which may be suitably increased or decreased as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, in accordance with legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunications signals.
Based on the same inventive concept, an embodiment of the present application further provides an electronic device, which includes a memory and a processor, where the memory stores a computer program running on the processor, and the processor implements all or part of the method steps in the video anti-tampering method based on index verification and real-time package conversion when executing the computer program.
The Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. The general purpose processor may be a microprocessor or the processor may be any conventional processor or the like, the processor being the control center of the computer device and the various interfaces and lines connecting the various parts of the overall computer device.
The memory may be used to store computer programs and/or modules, and the processor may implement various functions of the computer device by executing or executing the computer programs and/or modules stored in the memory, as well as by invoking data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, video data, etc.) created according to the use of the cellular phone, etc. In addition, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, server, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), servers and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (12)
1. A video tamper-proofing method based on index verification and real-time package conversion is characterized by comprising the following steps:
acquiring original audio and video content, and preprocessing the original audio and video content to generate an index and an ES fragment to be stored;
storing the index and the ES segment into a content library, establishing a mapping relation from the index to a physical storage position of the ES segment, encrypting and storing the index, and storing an original text of the ES segment;
when a user requests audio and video service, acquiring an index according to the request, and pulling a corresponding ES fragment from a content library according to the index and the mapping relation;
and performing tamper-proof verification on the pulled ES fragment content according to the index, and performing real-time encapsulation when the verification is passed.
2. The method of claim 1, wherein the steps of obtaining original audio and video content, preprocessing the generated index and the ES segment to be stored comprise:
decapsulate and demultiplex the original audio and video, and analyze the encoding head according to the encoding type to obtain key information of the original audio and video stream;
recording the key information of the original audio and video stream into an index, and increasing a recording time stamp;
determining the calculation starting and stopping positions of the anti-tampering check value by adopting a preset rule, calculating the anti-tampering check value and inputting the anti-tampering check value into an index;
an ES stream is divided into a plurality of ES segments by using a fixed time as a threshold value, and the segment number and the segment length are recorded in an index.
3. The method of claim 2, wherein the original audio-video stream key information comprises: the original file name, average code rate, video coding, resolution, video average frame rate, total video frame number, audio coding, total audio frame number, PTS value and position, DTS value and position, frame starting position and frame length of the audio and video stream, and if the video stream is the video stream, the frame type and the image sequence head position are also included.
4. The method according to claim 3, wherein the starting and ending positions calculated by the check field of the tamper-proof check value are determined by using a preset rule, the tamper-proof check value is calculated and recorded into the index, and the method specifically comprises the following steps:
for a video, selecting ES data from the head position of an image sequence to the head and tail of a following I frame as a check field to calculate an anti-tampering check value, and storing the anti-tampering check value and the check length in an image sequence segment;
for audio, selecting ES data from an audio frame starting position to a frame ending position containing PTS as a check field to calculate an anti-tampering check value, and selecting 1152 bytes at most to calculate the anti-tampering check value for PCM encoded data without definite frame length; the anti-tampering check value and the check length are stored at the tail of the corresponding audio frame segment.
5. The method of claim 4, wherein when the ES stream is divided into a plurality of ES segments by using a fixed time as a threshold, the dividing conditions are satisfied as follows: the segmentation position needs to be at the frame end position when the frame end position is clear, the ES segment contains more than three complete anti-tampering check value check fields, and the data segment is not cut off.
6. The method of claim 1, wherein tamper-proof verification is performed on the contents of the pulled ES segments according to the index, and real-time encapsulation is performed when the verification passes, the method specifically comprising the steps of:
acquiring an index, and sequentially acquiring a video ES segment or an audio ES segment according to the ES segment number;
checking whether the length of the fragment is consistent with the record in the index, if not, retrying for more than a set number of times, skipping the fragment, and giving an alarm according to an internal error;
if the data segment is the same as the data segment, calculating a check value according to the start-stop position of the check data segment recorded in the index, comparing the check value with the existing check value in the index, and if the data segment is the same as the data segment, passing the check and performing real-time package; if the segment is not equal, if the segment is different, retry is carried out, if the retry exceeds the set times, the segment is discarded, and a tamper alarm is sent out;
sequencing the ES segments passing the check according to the index content indication, filling the ES segments into a buffer, and filling a multiplexing context according to the start-stop position, the PTS value and position, the DTS value and position of the audio/video frame in the ES segment corresponding to the index; adopting the multiplexing context to carry out audio and video ES merging check, and checking the validity of ES segment heads and the consistency of frame boundaries in a buffer area; if the verification is passed, outputting the combined content; if the error is checked, retrying, if the retrying exceeds the set times, abandoning the segment, and sending a tamper alarm.
7. A video tamper-proofing system based on index verification and real-time package conversion is characterized by comprising:
a content pre-processing module to: acquiring original audio and video content, and preprocessing the original audio and video content to generate an index and an ES fragment to be stored;
a content base storage module to: storing the index and the ES segment into a content library, and establishing a mapping relation from the index to a physical storage position of the ES segment; encrypting the storage index and storing the ES fragment in the original text;
an edge node storage module to: when a user requests audio/video service, acquiring an index according to the request, and pulling and storing a corresponding ES fragment from a content library according to the index and the mapping relation;
an edge node service module to: and performing tamper-proof verification on the acquired ES fragment content according to the index, and performing real-time encapsulation when the verification is passed.
8. The system of claim 7, wherein the content preprocessing module obtains original audio and video content, and generates an index and an ES segment to be stored by preprocessing, and specifically includes the following steps:
decapsulate and demultiplex the original audio and video, and analyze the encoding head according to the encoding type to obtain key information of the original audio and video stream;
recording the key information of the original audio and video stream into an index, and increasing a recording time stamp;
determining the calculation starting and stopping positions of the anti-tampering check value by adopting a preset rule, calculating the anti-tampering check value and inputting the anti-tampering check value into an index;
an ES stream is divided into a plurality of ES segments by using a fixed time as a threshold value, and the segment number and the segment length are recorded in an index.
9. The system of claim 8, wherein the original audio-video stream key information comprises: the original file name, average code rate, video coding, resolution, video average frame rate, total video frame number, audio coding, total audio frame number, PTS value and position, DTS value and position, frame starting position and frame length of the audio and video stream, and if the video stream is the video stream, the frame type and the image sequence head position are also included.
10. The system according to claim 9, wherein the content preprocessing module determines a start-stop position of calculation of a check field of the tamper-proof check value by using a preset rule, calculates the tamper-proof check value and enters the tamper-proof check value into the index, and specifically includes the following steps:
for a video, selecting ES data from the head position of an image sequence to the head and tail of a following I frame as a check field to calculate an anti-tampering check value, and storing the anti-tampering check value and the check length in an image sequence segment;
for audio, selecting ES data from an audio frame starting position to a frame ending position containing PTS as a check field to calculate an anti-tampering check value, and selecting 1152 bytes at most to calculate the anti-tampering check value for PCM encoded data without definite frame length; the anti-tampering check value and the check length are stored at the tail of the corresponding audio frame segment.
11. The system of claim 10, wherein when the content pre-processing module divides the ES stream into a plurality of ES segments according to a fixed time threshold, the dividing conditions to be satisfied are: the segmentation position needs to be at the frame end position when the frame end position is clear, the ES segment contains more than three complete anti-tampering check value check fields, and the data segment is not cut off.
12. The system of claim 7, wherein the edge node service module performs tamper-proof verification on the content of the pulled ES fragment according to the index, and performs real-time encapsulation when the verification passes, specifically comprising the following steps:
acquiring an index, and sequentially acquiring a video ES segment or an audio ES segment according to the ES segment number;
checking whether the length of the fragment is consistent with the record in the index, if not, retrying for more than a set number of times, skipping the fragment, and giving an alarm according to an internal error;
if the data segment is the same as the data segment, calculating a check value according to the start-stop position of the check data segment recorded in the index, comparing the check value with the existing check value in the index, and if the data segment is the same as the data segment, passing the check and performing real-time package; if the segment is not equal, if the segment is different, retry is carried out, if the retry exceeds the set times, the segment is discarded, and a tamper alarm is sent out;
sequencing the ES segments passing the check according to the index content indication, filling the ES segments into a buffer, and filling a multiplexing context according to the start-stop position, the PTS value and position, the DTS value and position of the audio/video frame in the ES segment corresponding to the index; adopting the multiplexing context to carry out audio and video ES merging check, and checking the validity of ES segment heads and the consistency of frame boundaries in a buffer area; if the verification is passed, outputting the combined content; if the error is checked, retrying, if the retrying exceeds the set times, abandoning the segment, and sending a tamper alarm.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910950310.2A CN110809191B (en) | 2019-10-08 | 2019-10-08 | Video tamper-proofing method and system based on index verification and real-time package conversion |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910950310.2A CN110809191B (en) | 2019-10-08 | 2019-10-08 | Video tamper-proofing method and system based on index verification and real-time package conversion |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110809191A true CN110809191A (en) | 2020-02-18 |
| CN110809191B CN110809191B (en) | 2022-01-07 |
Family
ID=69488047
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910950310.2A Active CN110809191B (en) | 2019-10-08 | 2019-10-08 | Video tamper-proofing method and system based on index verification and real-time package conversion |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110809191B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112866800A (en) * | 2020-12-31 | 2021-05-28 | 四川金熊猫新媒体有限公司 | Video content similarity detection method, device, equipment and storage medium |
| CN112911330A (en) * | 2021-02-01 | 2021-06-04 | 北京顺谋科技有限公司 | Streaming media atomization fingerprint extraction method |
| CN113300875A (en) * | 2021-02-10 | 2021-08-24 | 阿里巴巴集团控股有限公司 | Return source data verification method, server, system and storage medium |
| CN115209224A (en) * | 2022-06-29 | 2022-10-18 | 乐视云计算有限公司 | TS section checking method, device, equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103037211A (en) * | 2011-09-29 | 2013-04-10 | 展讯通信(上海)有限公司 | Decoding processing method, device and playing equipment of streaming media files |
| CN105915493A (en) * | 2015-12-03 | 2016-08-31 | 乐视致新电子科技(天津)有限公司 | Audio and video real-time transmission method and device and audio and video real-time playing method and device |
| US20170334234A1 (en) * | 2016-05-19 | 2017-11-23 | Atlanta DTH, Inc. | System and Method for Identifying the Source of Counterfeit Copies of Multimedia Works Using Layered Simple Digital Watermarks |
| CN109996095A (en) * | 2019-03-28 | 2019-07-09 | 湖南快乐阳光互动娱乐传媒有限公司 | A kind of network video-on-demand prevents from stealing method, system and the medium of chain broadcasting |
-
2019
- 2019-10-08 CN CN201910950310.2A patent/CN110809191B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103037211A (en) * | 2011-09-29 | 2013-04-10 | 展讯通信(上海)有限公司 | Decoding processing method, device and playing equipment of streaming media files |
| CN105915493A (en) * | 2015-12-03 | 2016-08-31 | 乐视致新电子科技(天津)有限公司 | Audio and video real-time transmission method and device and audio and video real-time playing method and device |
| US20170334234A1 (en) * | 2016-05-19 | 2017-11-23 | Atlanta DTH, Inc. | System and Method for Identifying the Source of Counterfeit Copies of Multimedia Works Using Layered Simple Digital Watermarks |
| CN109996095A (en) * | 2019-03-28 | 2019-07-09 | 湖南快乐阳光互动娱乐传媒有限公司 | A kind of network video-on-demand prevents from stealing method, system and the medium of chain broadcasting |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112866800A (en) * | 2020-12-31 | 2021-05-28 | 四川金熊猫新媒体有限公司 | Video content similarity detection method, device, equipment and storage medium |
| CN112911330A (en) * | 2021-02-01 | 2021-06-04 | 北京顺谋科技有限公司 | Streaming media atomization fingerprint extraction method |
| CN113300875A (en) * | 2021-02-10 | 2021-08-24 | 阿里巴巴集团控股有限公司 | Return source data verification method, server, system and storage medium |
| CN115209224A (en) * | 2022-06-29 | 2022-10-18 | 乐视云计算有限公司 | TS section checking method, device, equipment and storage medium |
| CN115209224B (en) * | 2022-06-29 | 2024-03-22 | 乐视云网络技术(北京)有限公司 | Transport stream segment verification method, device, equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110809191B (en) | 2022-01-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110809191B (en) | Video tamper-proofing method and system based on index verification and real-time package conversion | |
| US20180249190A1 (en) | Method and apparatus for cloud storage and cloud download of multimedia data | |
| US9648027B2 (en) | Segment authentication for dynamic adaptive streaming | |
| KR101244308B1 (en) | Encoding Method for moving picture file and the Digital right management using the same | |
| US20170171279A1 (en) | Method and terminal for online playing video stream | |
| US9160972B2 (en) | Digital signature system and digital signing method | |
| WO2022052630A1 (en) | Method and apparatus for processing multimedia information, and electronic device and storage medium | |
| KR20140146664A (en) | System and method for signaling segment encryption and key derivation for adaptive streaming | |
| US11522710B2 (en) | Blockchained media stored in a material exchange format file | |
| CN111181989B (en) | Method and system for realizing HLS distribution tamper resistance | |
| CN112615899A (en) | Large file transmission method, device and system | |
| US11218784B1 (en) | Method and system for inserting markers in a media presentation | |
| AU2014305015A1 (en) | Extensible media format system and methods of use | |
| WO2012126257A1 (en) | Media data processing method and device thereof | |
| EP2740276B1 (en) | Methods and systems for providing file data for media files | |
| KR20140129178A (en) | Enabling delivery of protected content using unprotected delivery services | |
| CN111600879B (en) | Data output/acquisition method and device and electronic equipment | |
| US11880475B2 (en) | Secure fast channel change | |
| CN111064717B (en) | Data encoding method, data decoding method, related terminal and device | |
| CN115396689A (en) | Intelligent cloud video transmission and storage method and system | |
| CN113810781A (en) | Video processing method, video processing device, video tracking method, video tracking device and storage medium | |
| WO2017207861A1 (en) | An arrangement for media stream organization | |
| FR2861240A1 (en) | Mobile telephone/personal digital assistant secure audiovisual digital sequence transmission having digital stream separated channels and complementary information nominal structure format header added | |
| EP4192018A1 (en) | Method and device for signing an encoded video sequence | |
| US20230116909A1 (en) | Signed video data with salted hashes |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |